We now have static application security testing (SAST) deployed. All should be good. No, all is NOT Good! The most challenging parts of any SAST tool deployment are the initial shock of potential vulnerabilities, coding errors, and risk. When I come into an organization for an audit, it is common to find their SAST tool Read More
Category: Scaling
CISOs, get your First Sergeant
Behind Every Effective CISO, a First Sergeant is Clearing the Path for the organization’s success. The way we’re setting up our CISO structure is NOT working as expected. The threats keep on coming. Organizations put their fingers in the dike, plugging security risks while exhaustingly bailing water from a sinking boat. This is a no-win Read More
Cyberwarfare is here; now what?
Cyberwarfare activities were always on the Internet. STUXNET, Google Aurora, and many other attacks were a fact of life. We had cyber attacks when Yugoslavia broke up. We have constant attacks in the Middle East. Cyberwar was part of a security practitioner’s threat model from the late ‘80s until the early 2000s. Then, cybercrime started Read More
SCADASEC – a Security Trust Groups in for the Industry
SCADASEC is a community created ~2004 to mirror the success of the Internet Backbone’s Security Trust Group (NSP-SEC). SCADASEC focuses on “security discussions, trends, and overall discussions pertaining to critical infrastructure protection (CIP) and SCADA/control systems security.” Over the years, the information shared, joint action, threat updates, consultation, and collective action have been critical to Read More
Protect your BGP Sessions from DDoS Attacks
Networks that think they are “DDoS resilient” get surprised when their BGP Sessions go down from an easily crafted DDoS. BGP port (179) is left open to the Internet and is an easy target for a low-level attack that will knock down your BGP session. Shodan’s BGP Report 325,082 open port 179 instances (June 2023). Read More
Why Are Cybercriminals Targeting Healthcare?
Why are cybercriminals targeting healthcare when the medical community puts patients first? Why are cybercriminals taking actions that threaten people’s lives at risk? The focused cybercriminal targeting of healthcare is now an increasing cause of death. Is this data suppressed? Why? The liability insurance covering all the healthcare community’s medical care would skyrocket. The closure
“I saw you comment on Linkedin Scams ….”
Someone asked me about an old comment/post I did on Linkedin Scams. He is getting a log of Linkedin Scams and needs more quality connections. It is always interesting to see the questions I get asked. Their questions instigate more thinking on my side on how I can help. Of course, I first check the Read More
Social Media PODs for Security
Social Media PODs have been used on Instagram, Facebook, and Linkedin. Social PODs are a technique to “hack” algorithm which governs feeds. The Security-Social-POD’s goals are not as elaborate. The focus will be the expand our social media reach while having a group of like-minded security professionals focuses on specific security themes. Our curated Linkedin,
Shadowserver Dashboard in Indonesian, Malay, Filipino, Thai & Arabic
Have you seen the Shadowserver Dashboard? Did you know it provides critical information on what people outside your network can see into your network? Did you know that the Dashboard and free reports can save your network …. all you need to do is track down the exposure and fix it (before the criminals use Read More
Beyond “Security Architecture” – It is all about Business Resiliency
“Security Architecture” is the theme Mathew J. Schwartz (ISMG) pulled out of his interview with John Chambers, founder, and CEO of JC2 Ventures. It is ironic that on a “life-impacting day,” in pop an interview from one of my mentors, John Chambers. If you are reading this, stop and listen to the interview. Once you’ve Read More